Elysia application does not load swagger documentation if using elysia-helmet lib

[vitorpldev]

I'm facing a problem when using swagger() and helmet() together in an Elysia application. When I configure the application as follows:

import Elysia from 'elysia'
import swagger from '@elysiajs/swagger'
import { helmet } from 'elysia-helmet'

const app = new Elysia()
  .use(swagger())
  .use(helmet())
  .get('/root', () => 'Hello World')
  .listen(3333)

Swagger should automatically add a /swagger route to document API routes. However, when using helmet(), the /swagger route does not load correctly; the page is completely blank.

It seems that helmet() is enforcing some security restrictions that prevent Swagger from working as expected. If anyone has experienced this or knows of a solution, I would appreciate your help!

[vastamaki]

You can use something like this to make it work

app.use(
  helmet({
    contentSecurityPolicy: {
      directives: {
        defaultSrc: ["'self'"],
        scriptSrc: [
          "'self'",
          "'unsafe-inline'",
          'unpkg.com',
          'cdn.jsdelivr.net',
        ],
        styleSrc: ["'self'", "'unsafe-inline'", 'unpkg.com'],
        imgSrc: ['data:'],
      },
    },
  })
)